In this week’s episode, CoinDesk’s Christine Kim and Consensys’ Ben Edgington discuss a “severe threat” against Ethereum that was recently fixed and disclosed by non-profit organization the Ethereum Foundation.
This episode is sponsored by and The Sun Exchange.
On Tuesday, May 18, the Ethereum Foundation published a blog post detailing a previously unknown attack vector on Ethereum where certain transactions could overwhelm the network and delay block production from a matter of seconds to minutes.
“It wasn’t a sort of classic security vulnerability in that nobody was going to get hacked,” said Edgington. “It was more a [Denial of Service] opportunity, a griefing attack. So there was potentially a way that the chain could be slowed down. Blocks would take much longer to produce and process than they ought to.”
According to the blog post, this security vulnerability was first discovered by Ethereum researchers Hubert Ritzdorf and Matthias Egli, who shared their findings with members of the Ethereum Foundation through the organization’s bug bounty program on Oct. 4, 2019.
While the broader Ethereum developer community made attempts to reduce the effects of the attack, it wasn’t until April 15, 2021, that the issue was solved for good with the activation of two Ethereum Improvement Proposals, EIP 2929 and EIP 2930.
For the six months that developers were working on a solution to the known threat, it was important to keep work somewhat hidden from the public view. The last thing developers wanted was for a potential attacker to find out about this security vulnerability and take advantage of it before a fix to the network was implemented.
While this may raise concerns about transparency and centralization, Kim notes that “no code is absolutely perfect.”
“These kinds of security vulnerabilities are unavoidable,” said Kim. “It’s just a matter of preparing for them by having these centralized players like the Ethereum Foundation to fund bug bounties and to have a known core development team … to keep [things] on the down low until they figure out a fix.”
For the full commentary about Ethereum development and ongoing progress for Ethereum 2.0, listen to this week’s episode of Mapping Out Eth 2.0.